Versions (5)
Version DetailsCurrent
Rev: 1 • Aug 12, 2022, 12:00 PMET EXPLOIT Possible Zavio IP Camera OS Command Injection Attempt Inbound (CVE-2013-2568)
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible Zavio IP Camera OS Command Injection Attempt Inbound (CVE-2013-2568)"; flow:established,to_server; http.uri; content:"/cgi-bin/mft/"; startswith; fast_pattern; content:"ap="; distance:0; content:"|3b|"; distance:0; pcre:"/[?&]ap=/U"; reference:cve,2013-2568; classtype:attempted-admin; sid:2038502; rev:1; metadata:attack_target Networking_Equipment, created_at 2022_08_12, cve CVE_2013_2568, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2022_08_12, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)
Aug 12, 2022, 12:00 PM
Aug 12, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-exploit.rules